Fuzzing in OWASP ZAP- Targeted Penetration Testing [Illegal to perform such testing without taking permission from website owners]

Fuzzing:-Like active scan attacking the application but unlike active scan instead of zap, user has more control over the test being perfromed. It allow you to specify what to test, how to test.
.
[ Ссылка ]
No end point exposed, its a manual check because you might want to test the particular fields in different ways & each way can take a lot of time.

Official link- [ Ссылка ]


Prerequisite:-
Install fuzz db files from marketplace if it is not already there.

Demo:-
docker run -d -p 3000:3000 bkimminich/juice-shop
Manually explore [ Ссылка ]
fill admin username admin@juice-sh.op
Let us brute force to identify the correct password and thus identifying week authentication of application.

To fuzz a request string:
- Select a request in one of the tabs that displays messages, it should be opened in text mode.
- Highlight one of the strings you wish to fuzz in the Request tab.
- Right click in the Request tab and select 'Fuzz...'.
- The selected location will be added to the table of 'Fuzz Locations' and it's ready to accept payloads. After selecting the button 'Payloads...', a new dialogue is shown which allows to manage the payloads of the selected location.
- New 'Fuzz Locations' can be added by selecting the position or string in message shown at the left panels, once the location is chosen it can be added by pressing the 'Add...' button of the 'Fuzz Locations' table.
- More options are available in the 'Options' tab allowing to configure with more detail the fuzz process.
- Once at least one 'Fuzz Location' has been defined press the 'Start Fuzzer' button to start the fuzzing.
- The results will then be listed in this tab - select them to see the full requests and responses.

Scripts:-
Message Processors-[ Ссылка ]
Payload Generators:-[ Ссылка ]
Payload Processors:-[ Ссылка ]

свернуть